Current Projects

Interactively exploring 3D scanned dynamic environments


Industry partner: Swiss Post
The goal of this project is to showcase the diversity of Swiss Post as a workplace through immersive and realistic 3D experiences for people to discover and explore using emerging technologies, including Virtual Reality headsets and interactive 3D experiences on tablets and mobile devices. These experiences will give people who are unfamiliar with the activities of Swiss Post novel opportunities for insight into the daily lives of Swiss Post employees and customers across a variety of divisions. The immersive 3D experiences we are creating in this project are based on actual 3D environmental scans, fully interactive and ready to be explored to understand the World of Swiss Post. We also use the rich captures of daily procedures performed by Swiss Post employees for training purposes of new personnel, thereby moving away from text-based instructions to immersive 3D scenarios that will aid learning on the job.

Robotic stacking of parcels in containers and roll cages


Industry partner: Swiss Post
Our goal is to endow robots with the ability to dynamically manipulate and stack rigid boxes. This task requires specialized motion planning algorithms for 1) robust grasping and 2) collision-free trajectories to efficiently move boxes from a conveyor belt to their final location in the container. Both sub-tasks must take into account the workspace of the robot. For example, if reachability is somewhat limited, then the boxes could be tossed gently, or placed down and pushed into their final spot. Such strategies, which are often employed by human workers, require robots to possess a deep understanding of contacts and friction, dynamics, robustness against unanticipated perturbations, dynamic regrasping strategies, etc. The ultimate goal of this project is to endow robots with human-level skill when it comes to loading parcels.

Manipulation of non-rigid e-commerce parcels

Industry partner: Swiss Post
The range (size, shape, internal composition, overall stiffness, etc.) of items that Swiss Post must process on a daily basis is rapidly growing. Rather than relying on human labor to sort through these types of non-standard parcels, our goal is to endow robots with the intelligence required to dexterously manipulate soft, unstructured objects. To this end, we will build on the model-based methodology that the CRL research group has recently introduced. In particular, the objective of this project will be to develop technical foundations to allow robots 1) to build an internal mechanical model of soft/unstructured parcels by feeling/scanning/manipulating the items, and 2) to autonomously understand how to grasp, pick up, and dynamically place soft objects on a conveyor belt in a desired configuration.

Secure Governance Schemes for Blockchains

Basic research
Systems based on blockchain technology are promising, as they can be decentralized and rendered robust against attacks. A blockchain is a (distributed) ledger in which all transactions are recorded sequentially. Because such systems build on distributed consensus, they function without the need to build trust among their participants. We develop a new secure voting scheme for the governance of a proof-of-stake blockchain. Although our focus is on governance, we also expect to reap insights that can be helpful to achieve distributed consensus more efficiently.

Highly Available Communication for Financial Networks

Industry partners: SIX, ZKB
Communication, in particular for critical infrastructures, requires a high level of availability that is maintained despite earthquakes, power outages, misconfigurations, or network attackers. One example is the financial industry, which has high requirements on availability to ensure that up-to-date trading information is accessible, that financial transactions are executed within short time windows, and that end customers can execute banking applications online.

Formal Methods for Federated Identity Management

Industry partner: ZKB
Federated identity management protocols offer a single sign-on experience for users, where they can use their account with an identity provider to log in to other services. Thus, users have to remember fewer passwords. A widely used protocol to this end is OpenID Connect. These protocols are complex, and are run between many different identity providers, services, and users. It is therefore not surprising that they have been subject to both security and privacy issues. We use state-of-the-art protocol verification tools to analyze the security and privacy of these protocols, and design provably secure improvements.

Security of Avionics Communication Systems

Industry partner: Armasuisse
Airspaces are getting more and more crowded, not only with commercial aircraft flying passengers around the world for their holidays but also with hobbyist pilots with smaller airplanes as well as unmanned aerial vehicles from private to professional categories. Many of the communication protocols that will remain in use in aviation for the foreseeable future were standardized when only nation-state adversaries were able to acquire the hardware and skill to tamper with avionics signals. Today, however, the advent of software-defined radios enables practically everyone to listen to or inject their own signals into avionics communication protocols, creating security and privacy concerns.

Blockchain and Cloud Security

Industry partner: NEC
In this project, NEC and ETH are aiming to address various issues in cloud and blockchain security in order to improve the security and scalability of existing storage services. First, in the area of blockchain technology our project focuses on the security and privacy of different blockchain technologies and on the development of new protocols and systems to enhance functionality. Second, in the area of cloud security our projects investigated secure data deduplication that allows storage reduction and makes cloud storage financially attractive to customers, along with novel access control paradigms that allow data sharing according to end users’ needs.

Industry partner: NEC
Maintaining security and privacy in 5G is highly challenging because 5G connects every aspect of our online life to the network, providing connectivity for much critical data stored or shared online. In this project, NEC and ETH are aiming to enhance the security of 5G networks by building a new 5G network slicing architecture that enables: i) dynamic network isolation of mobile devices, ii) network slicing over WAN (Wide-Area Network), iii) secure access control, and iv) scalable key establishment and management.

Industry partner: armasuisse
Many of today's attacks in computer networks are not performed by outside attackers but by malicious insiders. These in-network attacks cannot be mitigated by security applications deployed at the network edge because attack traffic stays within the network. In this project, we leverage recent advances in programmable network architectures to integrate security applications in the network infrastructure itself. This allows them to run in the data plane of a network, on each packet, and without degrading the performance.
Intermediate results of this project include systems to anonymize traffic and to prevent link-flooding attacks.

Full-Stack Verification of Secure Inter-Domain Routing Protocols

Basic research
Inter-domain routing is at the heart of the Internet, yet little effort has been spent on building a formally verified secure routing protocol. In this project, we verify the next-generation routing protocol SCION, from high-level properties down to the implementation. We prove the security of the protocol in the symbolic model and extract a specification of the IO-behavior of SCION routers from it using refinement. On the code level this specification is used to prove the correctness of the implementation. We develop a new technique that establishes a provably sound link between protocol and software verification.

User-Complemented Phishing Protection

Industry partner: Swiss Post
Phishing emails – deceptive messages that trick users into revealing sensitive data – are still a major problem in corporate settings. In this project, we aim to improve phishing detection and education, by bringing users into the security loop. We aim to understand the most effective ways to train users to recognize such deceptive emails and to increase awareness. Moreover, we plan to analyze whether user reports of phishing emails can help security, by improving the performance of automatic detection systems.
Furthermore, as automatic detection systems still mostly rely on rules created manually by experts, we aim to understand whether a machine-learning-driven system could generate high-quality rules from such user reports.

Towards Provably Secure Internet Communication

Basic research
Nowadays, widespread access to the Internet enables quick communication, unrestrained by physical location. However, this comes at the cost of new security risks, since private messages now become available to adversarial entities located anywhere around the world. Hence, secure-communication protocols (e.g., session-establishment protocols, such as TLS, or secure-messaging protocols like Signal’s double ratchet), offering different security-functionality-efficiency trade-offs, become essential. The goal of this project is to explore the space of secure-communication protocols from the cryptographic perspective, using various modeling tools, such as game-based security analysis and the constructive cryptography framework.

Topology-Hiding Computation

Basic research
The topology of the communication network contains highly sensitive information in countless applications, including social networks (e.g. Facebook, Twitter, LinkedIn), the Internet of Things (IoT) or ad-hoc vehicular networks. For example, in social networks the topology of the network contains information about the social data; in IoT and ad-hoc vehicular networks, the position of a node within the network depends on the node’s physical location, which could in turn leak information about the node’s identity or other confidential parameters. The goal of this project is to design protocols that prevent parties, and even colluding sets of parties, from learning anything about the network apart from their immediate neighbors.

Automatic Visual Document Parsing

Industry partner: Zurich
In this project, we are building a system that produces an intermediate representation for a diverse range of documents. It takes as input PDF documents or document images and translates them into structured files (e.g. JSON) containing the natural semantic hierarchy representing a document. These JSON files can be queried using a document database, and be used as a uniform document representation by downstream information extraction engines. The system utilizes convolutional neural networks to visually detect structure elements on document pages and is pretrained on a large dataset of scientific documents in a weakly supervised manner.

Quantum players in constructive cryptography

Basic research
What does quantum mechanics imply for cryptography? On one hand, adversaries may have abilities that are not captured by a “classical” adversary. On the other, the (honest) users may also use quantum technology to increase the security of their protocols. The goal of this project is to model quantum players in the constructive cryptography framework of Maurer and Renner. The first part of the project involves modifying the framework itself so that it has the power needed to capture such quantum players. The second part of the project consists of using the framework to model cryptographic security in various applications.

Self-securing Networks

Industry partner: Armasuisse
In this project, we aim to build data-driven network infrastructures that can autonomously protect, detect and defend themselves against attacks. We intend to develop network-specific learning and inference algorithms that can run directly in the data plane, in real-time, to perform tasks that are difficult to solve today such as (encrypted) traffic classification and fine-grained anomaly detection. To implement these learning and inference algorithms, we intend to leverage newly available capabilities of programmable data planes to run complex forwarding logics.

In this project, we explore recent advances in privacy preserving learning methods for cyber insurance. In particular, we focus on differentially private gradient boosted decision trees. Differentially private learning methods allow us to learn information about a dataset while withholding information about any specific instance from the dataset. In other words, the influence of every single instance on the learned model is deniable, hence preserving the instance’s privacy.